Animated cursor flaw patch due from Microsoft early
By now you might have heard of the animated cursor flaw within Windows that among other things can cause your PC to crash if you download a specifically made .ani file. ANI files are animated cursor files which can be downloaded or used by websites to display different styles of cursors or small animations around the mouse pointer.
In this example the ANI file was used to create a “crash restart loop†on Vista. Microsoft says that all operating systems from fully patched Windows 2000 to Windows Vista installs are vulnerable.
Browsers affected by this flaw include IE6 running on any operating system and IE7 on Windows XP SP2 and Vista. In its “protected†(default) mode on Vista, IE7 will protect you from this flaw but it seems that some users out there don’t listen very well and have turned that off.
The exploit can also be launched in SPAM emails in which either an infected file attachment or a link to download an infected file is present. There was at least one instance of them being embedded in false security advisories.
I’d like to think that in this day and age it should just go without saying that you shouldn’t open an email with attachments or click on links in them if you don’t know who sent them, it seems some of you missed that memo so let this serve as a reminder.
Over 100 malicious sites have been spotted spreading this exploit now known as the Fubalca worm. This represents a 10 fold increase in a 24 hour period. Security firms and Microsoft now consider this to be a serious threat and are treating it as such. So much so that Microsoft pushed the patch for the ANI flaw to the head of the line and has completed testing on it.
The patch will be released tomorrow as a “Critical†update and will be available either via Automatic Updates or can be downloaded manually. Microsoft was set to release this update on April 10th but decided it was serious enough to warrant an early release.
Our recommendation is to turn on at least notifications of new updates, if nothing else; you should patch this flaw immediately and as soon as the update is released.
Related Posts:
April 3rd, 2007
[...] 10 annoying problems with Vista and working around them Vista is one of those operating systems that was “good enough” for release. Some users are finding that it does not work like XP, icons have been changed, menus have been rearranged and some features are harder to find. I can see how the average home user (most of you) out there could be confused by this. This post might help you sort some of those out. The first thing is there is no more BOOT.INI file available in msconfig. So? This file was used to change your boot if you had multiple operating systems installed. Vista has something called BCEDIT which is not user friendly; I do not recommend using it. What can you do… what can you do… download Vista Boot Pro, this freeware program offers an easy to use interface, click the options you want, select the OS to Boot first and click Apply. How did the big guns at ZDNet manage to miss that? Problem number one, solved. Next on the list is the buried display settings problem. Burying and hiding settings from users is not a good thing but I don’t really feel that this is what they have done. Sure, you have to right click on your desktop and go down to Display Settings but if you have a sufficiently large display with a resolution of at least 1024 x 768 you won’t have to scroll to find it. Yeah, it could be annoying but if you think about it, it is more logically organized. The Control Panel is hard to navigate. It is, in its default view mode. The “Control Panel Home” function is just annoying; you don’t know where any one feature is going to be. Everything has a name or heading and under that you will find the various functions, I want to know who thought this was a GOOD idea. It’s the same in XP, just switch to the Classic View. I know of no one who uses the default views in XP or Vista, they are just confusing. I agree on this one but only if you haven’t switched to the classic view. Vista has more shut down options. More is good, isn’t it? That’s how us power users think, the more options and customizability, the better. And then, there are those that aren’t power users where more options just usually end up adding to the mess and confusion. Depending on the version of Vista installed, there will be up to nine shut down options. But it’s not that confusing. Vista Home Premium has seven so let’s go with that. It has: Switch User, Log Off, Lock, Restart, Sleep, Hibernate and Shut Down. I don’t see anything confusing here. All of them are named by exactly what they do. Sleep has the same function as Standby in XP, Hibernate does the same thing it did in XP and Shut Down, well, shuts the PC down. There is nothing confusing here. Poor application support, this shouldn’t come as any surprise. Vista doesn’t like old applications but it doesn’t like specific kinds of applications. Programs that have to integrate themselves deeply into the operating system like Firewalls and AntiVirus will usually fail to install or function properly under Vista. But, a select few do, McAfee, Norton, Avast and AVG are some I can name off the top of my head that have Vista versions ready. As far as Firewalls go, only the PC Tools Firewall is currently working on Vista, please don’t rely on the Vista firewall, a third party firewall is a necessity if you are not behind a router. Office 2000 does not run under Vista, only Office 2003 to Office 2007 are supported. Oh well, hopefully you are a student or government employee and can get awesome discounts on Microsoft products, if not, I feel for you. Hardware requirements. Ever since Vista (then Longhorn) was announced; people were complaining about the hardware requirements. Being in the technology field and doing my fare share of gaming, video editing, audio editing, photo editing and so on, I’ve always had high-end computers and so do my circle of friends, but recently I came to realize not everyone lives that way (I shutter to think what that is like). To run Aero Glass you will be best served by having 1GB of memory, a sufficiently fast processor of 1.8GHz of the Pentium 4, Pentium D, Athlon XP, Athlon 64 or Athlon 64×2 lines and a dedicated DirectX 9, Shader Model 2.0 compliant video card with 128MB of memory. Considering an okay video card can be had for $54, it’s not a huge investment. These are not robust requirements considering the level of today’s hardware and if you don’t have at least that, I’d say it’s time to get a new computer but if you aren’t interested in running Vista then it doesn’t matter. We are on the cusp of DirectX 10 and Shader Model 4.0, I hope you can see exactly how ancient those requirements are. Another issue I agree on, too many product options. Vista comes in several versions, Home Basic, Home Premium, Business, Enterprise and Ultimate. Adding insult to injury is the fact that if you buy the OEM discs you have to choose between 64-bit and 32-bit editions essentially doubling the options. For most home users, Vista Home Premium is the best choice. Business and Enterprise have encryption features that most home users would never touch. These are the versions that corporations should buy. So that leaves three versions for the rest of us, Home Basic, Premium and Ultimate. Home Basic lacks just about everything so it’s useless, don’t even consider it. This leaves Home Premium and Ultimate. Home Premium has just about all the features you will need, it’s the version I suggest to most people. Ultimate has all the features of Home Premium, Business and Enterprise and it comes with a price to go with those features. If you are in doubt and do not run a business, you can’t go wrong with Home Premium and if that’s not the version you want, use the Any Time upgrade feature to upgrade your Vista Edition, you can only go up, you cannot downgrade from, say Home Premium to Home Basic. Love them or hate them, UAC prompts are there to protect you. I suggest leaving this on if you can live with them. They are not nearly as bad as they were in the Longhorn and RC versions of Vista. Even administrators in Vista are running with reduced privilege levels so if something needs more you must grant it permission. The advantage to an Admin account is you don’t need to enter a password; standard account users will either have to know the password or will have to get in touch with someone who does to proceed with a process that needs UAC permission. This also causes problems with some programs. If you turn off the UAC feature, Adobe Reader 8.0 for Vista will fail to install properly. UAC must be on for some programs to function properly under Vista. Turn it off if you wish but be warned you may encounter issues by doing so. Vista is expensive but not if you buy the OEM versions which is a good way to save a few bucks. The full version of Vista Home Premium OEM will cost about $120, which is about the same price as Windows XP Home was at retail. I’m considering this busted because if you know where to look, Vista is not that expensive. You don’t get phone-in support from Microsoft or any documentation with OEM versions so be aware of that. It’s partly broken. Yeah and what new operating system isn’t. There are already tons of updates for Vista with another on its way out to patch the ANI flaw. This is to be expected, remember when XP first came out, yeah, it was much worse. As far as I am concerned Microsoft has done a better job with Vista than with XP when it first came out. It has problems but eventually they will be fixed but all operating systems will always have a security hole or flaw that may or may not be patched. Source:VISTA.BLORGE.com » Blog Archive » 10 annoying problems with Vista and working around them [...]
April 3rd, 2007
[...] It’s partly broken. Yeah and what new operating system isn’t. There are already tons of updates for Vista with another on its way out to patch the ANI flaw. This is to be expected, remember when XP first came out, yeah, it was much worse. As far as I am concerned Microsoft has done a better job with Vista than with XP when it first came out. It has problems but eventually they will be fixed but all operating systems will always have a security hole or flaw that may or may not be patched. Source:http://vista.blorge.com/2007/04/03/10-annoying-things-about-vista-and-working-around-them/ [...]
April 8th, 2007
Um, the update is actually not thought through. When the update was installed on my computer, games would only play for 5 minutes tops before crashing the comp to restart completly. It didn’t just get guilty parties, but ANYTHING that has ever used an animated cursor, it seems (Sims 2 and PlayOnline were the games I tried), gets screwed over by this.
Hopefully MS will do something to fix the patch it got out too soon to see what it actually DID to legit programs that use animated cursors.
April 8th, 2007
Yes… I’ve heard of PCs crashing due to this patch, mine included… look for a post about that in the future, possibly tomorrow but no promises.
April 9th, 2007
[...] Even Microsoft’s own ANI patch has caused instabilities in Vista causing random crashing, crash restart loops and other ills. The point is you really can’t trust anyone to produce a reliable patch these days, not even Microsoft. Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
April 15th, 2007
[...] It’s partly broken. Yeah and what new operating system isn’t. There are already tons of updates for Vista with another on its way out to patch the ANI flaw. This is to be expected, remember when XP first came out, yeah, it was much worse. As far as I am concerned Microsoft has done a better job with Vista than with XP when it first came out. It has problems but eventually they will be fixed but all operating systems will always have a security hole or flaw that may or may not be patched. Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages. [...]
August 16th, 2007
Cell Phones Tracer
I couldn’t understand some parts of this article, but it sounds interesting
October 4th, 2007
Types Of Computer Viruses
I couldn’t understand some parts of this article, but it sounds interesting
June 27th, 2008
[...] … EU tries to ditch microsoft Vista, XP and Office for open-standard. Today’s most popular …http://vista.blorge.com/2007/04/02/animated-cursor-flaw-patch-due-from-microsoft-early/Cursor hole puts Windows PCs at risk – CNET News.comVulnerability in the way Windows handles [...]